[cap-talk] an attack on the pet name tool bar

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Fri Feb 11 18:57:40 EST 2005


Ian G wrote:
> David Hopwood wrote:
> 
>> The problem here is obviously the "false petname bar".
>> It almost goes without saying that the petname bar must not
>> be spoofable (e.g. by always displaying it at the top of
>> all windows that can be used for browsing, and preferably
>> by distinguishing those from all other windows). Isn't this
>> true of the security-related GUI elements for any possible
>> solution, including the TrustBar?
> 
> Yep.  But how does a phisher ask for the logo?

He knows which logo will be used by most users because it's the
one provided by the website. *If* there were an attack based
on the attacker knowing the logo, that would be sufficient. But
what's the attack? I don't see one.

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>


